package org.opensaml.xml.security.x509;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.ssl.TrustMaterial;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.IPAddressHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/xml/security/x509/X509Util.class */
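/**
 * Static helpers for working with X.509 certificates, CRLs and distinguished names.
 *
 * <p>All methods are stateless; the class is not meant to be instantiated.
 */
public class X509Util {

    /** OID of the X.500 {@code commonName} (CN) attribute type. */
    public static final String CN_OID = "2.5.4.3";

    /*
     * GeneralName CHOICE tags of the subjectAltName extension, in the form returned as
     * element 0 of each entry by the JCA/Bouncy Castle subject-alternative-name accessors.
     */
    /** otherName [0]. */
    public static final Integer OTHER_ALT_NAME = Integer.valueOf(0);
    /** rfc822Name [1]. */
    public static final Integer RFC822_ALT_NAME = Integer.valueOf(1);
    /** dNSName [2]. */
    public static final Integer DNS_ALT_NAME = Integer.valueOf(2);
    /** x400Address [3]. */
    public static final Integer X400ADDRESS_ALT_NAME = Integer.valueOf(3);
    /** directoryName [4]. */
    public static final Integer DIRECTORY_ALT_NAME = Integer.valueOf(4);
    /** ediPartyName [5]. */
    public static final Integer EDI_PARTY_ALT_NAME = Integer.valueOf(5);
    /** uniformResourceIdentifier [6]. */
    public static final Integer URI_ALT_NAME = Integer.valueOf(6);
    /** iPAddress [7]. */
    public static final Integer IP_ADDRESS_ALT_NAME = Integer.valueOf(7);
    /** registeredID [8]. */
    public static final Integer REGISTERED_ID_ALT_NAME = Integer.valueOf(8);

    /** Encodings in which certificates and CRLs may be supplied. */
    public enum ENCODING_FORMAT {
        PEM,
        DER
    }

    /** Not instantiable; subclasses may extend for namespace reuse only. */
    protected X509Util() {
    }

    /**
     * Finds the certificate in the collection whose public key matches the given private key.
     *
     * @param collection candidate certificates, may be null
     * @param privateKey private key to match against, may be null
     * @return the first certificate whose public key pairs with {@code privateKey}, or null if
     *         either argument is null or no certificate matches
     * @throws SecurityException if the key-pair comparison fails
     */
    public static X509Certificate determineEntityCertificate(Collection<X509Certificate> collection,
            PrivateKey privateKey) throws SecurityException {
        if (collection == null || privateKey == null) {
            return null;
        }
        for (X509Certificate candidate : collection) {
            if (SecurityHelper.matchKeyPair(candidate.getPublicKey(), privateKey)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Extracts every {@code commonName} (CN) attribute value from a distinguished name.
     *
     * <p>The DN is read from its DER encoding rather than from the RFC 2253 string form, so the
     * values are taken directly from each AttributeValue without any string (un)escaping step.
     * Values are returned in DN encoding order.
     *
     * @param x500Principal the DN to inspect, may be null
     * @return the CN values in encoding order (possibly empty), or null if the principal is null
     *         or its encoding could not be parsed
     */
    public static List<String> getCommonNames(X500Principal x500Principal) {
        Logger logger = getLogger();
        if (x500Principal == null) {
            return null;
        }
        logger.debug("Extracting CNs from the following DN: {}", x500Principal.toString());
        List<String> commonNames = new LinkedList<String>();
        ASN1InputStream asn1Stream = new ASN1InputStream(x500Principal.getEncoded());
        try {
            // Name ::= SEQUENCE OF RelativeDistinguishedName; RDN ::= SET OF AttributeTypeAndValue
            DERSequence name = (DERSequence) asn1Stream.readObject();
            for (int rdnIndex = 0; rdnIndex < name.size(); rdnIndex++) {
                DERObject rdn = name.getObjectAt(rdnIndex).getDERObject();
                if (!(rdn instanceof DERSet)) {
                    logger.debug("No DN components.");
                    continue;
                }
                DERSet rdnSet = (DERSet) rdn;
                for (int atvIndex = 0; atvIndex < rdnSet.size(); atvIndex++) {
                    DERSequence atv = (DERSequence) rdnSet.getObjectAt(atvIndex).getDERObject();
                    String cn = commonNameValue(atv);
                    if (cn != null) {
                        commonNames.add(cn);
                    }
                }
            }
            return commonNames;
        } catch (IOException e) {
            logger.error("Unable to extract common names from DN: ASN.1 parsing failed: " + e);
            return null;
        } finally {
            // Close on every path; the original only closed after a successful parse.
            closeQuietly(asn1Stream, logger);
        }
    }

    /**
     * Returns the string value of an AttributeTypeAndValue if its type is {@link #CN_OID} and its
     * value is a DER string type; null otherwise.
     *
     * @param atv SEQUENCE { type OBJECT IDENTIFIER, value ANY }
     * @return the CN string, or null if this is not a string-valued CN attribute
     */
    private static String commonNameValue(DERSequence atv) {
        if (atv.getObjectAt(0) == null || !(atv.getObjectAt(0).getDERObject() instanceof DERObjectIdentifier)) {
            return null;
        }
        DERObjectIdentifier type = (DERObjectIdentifier) atv.getObjectAt(0).getDERObject();
        if (!CN_OID.equals(type.getId())) {
            return null;
        }
        if (atv.getObjectAt(1) == null || !(atv.getObjectAt(1).getDERObject() instanceof DERString)) {
            return null;
        }
        return ((DERString) atv.getObjectAt(1).getDERObject()).getString();
    }

    /**
     * Closes an ASN.1 stream, logging (at debug) rather than propagating a close failure.
     *
     * @param stream stream to close
     * @param logger logger used to report a failed close
     */
    private static void closeQuietly(ASN1InputStream stream, Logger logger) {
        try {
            stream.close();
        } catch (IOException ignored) {
            // A failed close of an in-memory byte stream has no bearing on the parse result.
            logger.debug("Error closing ASN.1 input stream: {}", ignored.toString());
        }
    }

    /**
     * Extracts the subject alternative names of the requested types from a certificate.
     *
     * <p>Each name is converted by {@link #convertAltNameType(Integer, Object)}: string-valued
     * types are returned as their raw value, IP addresses as dotted/colon strings, and the
     * structured types (otherName, x400Address, ediPartyName) as their DER encoding.
     *
     * @param x509Certificate certificate to inspect, may be null
     * @param numArr alt name type tags to extract (the {@code *_ALT_NAME} constants); null or
     *        empty yields an empty list
     * @return the matching names in extension order (possibly empty), or null if the certificate
     *         is null; if the extension cannot be parsed, the error is logged and whatever was
     *         collected so far is returned
     */
    public static List getAltNames(X509Certificate x509Certificate, Integer[] numArr) {
        Logger logger = getLogger();
        if (x509Certificate == null) {
            return null;
        }
        List<Object> altNames = new LinkedList<Object>();
        if (numArr == null || numArr.length == 0) {
            // Nothing was requested, so there is no reason to parse the extension.
            return altNames;
        }
        try {
            Collection<List> subjectAltNames = X509ExtensionUtil.getSubjectAlternativeNames(x509Certificate);
            if (subjectAltNames == null) {
                return altNames;
            }
            for (List altName : subjectAltNames) {
                // Entry layout: element 0 is the GeneralName tag (Integer), element 1 the value.
                Object nameType = altName.get(0);
                for (Integer requestedType : numArr) {
                    if (nameType.equals(requestedType)) {
                        altNames.add(convertAltNameType(requestedType, altName.get(1)));
                        break;
                    }
                }
            }
            return altNames;
        } catch (CertificateParsingException e) {
            logger.error("Encountered an problem trying to extract Subject Alternate Name from supplied certificate: " + e);
            return altNames;
        }
    }

    /**
     * Collects the names by which a certificate's subject is known: the first CN of the subject
     * DN (in DN encoding order) followed by the subject alternative names of the requested types.
     *
     * <p>Only the first CN contributes; any further CN attributes in the DN are ignored. If the
     * subject DN has no CN, or it cannot be parsed, the list holds only the alternative names.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @param numArr alt name type tags to include, see {@link #getAltNames(X509Certificate, Integer[])}
     * @return the subject names, never null
     */
    public static List getSubjectNames(X509Certificate x509Certificate, Integer[] numArr) {
        List<Object> subjectNames = new LinkedList<Object>();
        List<String> commonNames = getCommonNames(x509Certificate.getSubjectX500Principal());
        if (commonNames != null && !commonNames.isEmpty()) {
            subjectNames.add(commonNames.get(0));
        }
        subjectNames.addAll(getAltNames(x509Certificate, numArr));
        return subjectNames;
    }

    /**
     * Returns the raw key identifier from the certificate's SubjectKeyIdentifier extension.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return the key identifier bytes, or null if the extension is absent, empty or unparseable
     */
    public static byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        Logger logger = getLogger();
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
        if (extensionValue == null || extensionValue.length == 0) {
            return null;
        }
        try {
            // getExtensionValue() hands back the DER OCTET STRING wrapper; the structure unwraps it.
            return new SubjectKeyIdentifierStructure(extensionValue).getKeyIdentifier();
        } catch (IOException e) {
            logger.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed: " + e);
            return null;
        }
    }

    /**
     * Decodes the certificate(s) held in a file.
     *
     * @param file file to read
     * @return the decoded certificates
     * @throws CertificateException if the file does not exist, is unreadable, cannot be read or
     *         does not decode as X.509 certificates
     */
    public static Collection<X509Certificate> decodeCertificate(File file) throws CertificateException {
        if (!file.exists()) {
            throw new CertificateException("Certificate file " + file.getAbsolutePath() + " does not exist");
        }
        if (!file.canRead()) {
            throw new CertificateException("Certificate file " + file.getAbsolutePath() + " is not readable");
        }
        try {
            return decodeCertificate(DatatypeHelper.fileToByteArray(file));
        } catch (IOException e) {
            throw new CertificateException("Error reading certificate file " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Decodes the certificate(s) held in a byte array; the encoding is detected by the
     * underlying {@code TrustMaterial} loader.
     *
     * @param bArr encoded certificate data
     * @return the decoded certificates
     * @throws CertificateException if the data cannot be decoded; the underlying failure is
     *         attached as the cause
     */
    public static Collection<X509Certificate> decodeCertificate(byte[] bArr) throws CertificateException {
        try {
            return new TrustMaterial(bArr).getCertificates();
        } catch (Exception e) {
            // TrustMaterial's constructor appears to declare several unrelated checked types;
            // they are all folded into the one exception type callers handle.
            throw new CertificateException("Unable to decode X.509 certificates", e);
        }
    }

    /**
     * Decodes the CRL(s) held in a file.
     *
     * @param file file to read
     * @return the decoded CRLs
     * @throws CRLException if the file does not exist, is unreadable, cannot be read or does not
     *         decode as X.509 CRLs
     */
    public static Collection<X509CRL> decodeCRLs(File file) throws CRLException {
        if (!file.exists()) {
            throw new CRLException("CRL file " + file.getAbsolutePath() + " does not exist");
        }
        if (!file.canRead()) {
            throw new CRLException("CRL file " + file.getAbsolutePath() + " is not readable");
        }
        try {
            return decodeCRLs(DatatypeHelper.fileToByteArray(file));
        } catch (IOException e) {
            throw new CRLException("Error reading CRL file " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Decodes the CRL(s) held in a byte array using the JCA certificate factory.
     *
     * @param bArr encoded CRL data
     * @return the decoded CRLs
     * @throws CRLException if the factory is unavailable or the data cannot be decoded; the
     *         underlying failure is attached as the cause
     */
    @SuppressWarnings("unchecked")
    public static Collection<X509CRL> decodeCRLs(byte[] bArr) throws CRLException {
        try {
            return (Collection<X509CRL>) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID)
                    .generateCRLs(new ByteArrayInputStream(bArr));
        } catch (GeneralSecurityException e) {
            // Keep the cause: the original dropped it and mislabelled the failure as certificates.
            throw new CRLException("Unable to decode X.509 CRLs", e);
        }
    }

    /**
     * Builds a short identifying token for a credential, for use in log and error messages.
     *
     * <p>The token has the form {@code [subjectName='...' |credential entityID='...']}; the
     * entityID part is present only when the credential carries a non-empty entity ID.
     *
     * @param x509Credential credential whose entity certificate is described; both the credential
     *        and its entity certificate must be non-null
     * @param x500DNHandler DN formatter to use, or null to use {@link InternalX500DNHandler}
     * @return the identifying token
     */
    public static String getIdentifiersToken(X509Credential x509Credential, X500DNHandler x500DNHandler) {
        X500DNHandler dnHandler = x500DNHandler != null ? x500DNHandler : new InternalX500DNHandler();
        X500Principal subject = x509Credential.getEntityCertificate().getSubjectX500Principal();
        StringBuilder token = new StringBuilder();
        token.append('[');
        token.append(String.format("subjectName='%s'", dnHandler.getName(subject)));
        if (!DatatypeHelper.isEmpty(x509Credential.getEntityId())) {
            token.append(String.format(" |credential entityID='%s'",
                    DatatypeHelper.safeTrimOrNullString(x509Credential.getEntityId())));
        }
        token.append(']');
        return token.toString();
    }

    /**
     * Converts a subject alternative name value into the representation exposed by
     * {@link #getAltNames(X509Certificate, Integer[])}.
     *
     * @param num the GeneralName tag of the value
     * @param obj the value as supplied by the alt-name accessor
     * @return the value unchanged for the string-valued types, a string form for iPAddress, the
     *         DER encoding (byte[]) for the structured types, and the value unchanged (with a
     *         warning) for any tag this class does not know
     */
    private static Object convertAltNameType(Integer num, Object obj) {
        Logger logger = getLogger();
        if (DIRECTORY_ALT_NAME.equals(num) || DNS_ALT_NAME.equals(num) || RFC822_ALT_NAME.equals(num)
                || URI_ALT_NAME.equals(num) || REGISTERED_ID_ALT_NAME.equals(num)) {
            // Already string-valued; pass through.
            return obj;
        }
        if (IP_ADDRESS_ALT_NAME.equals(num)) {
            return IPAddressHelper.addressToString((byte[]) obj);
        }
        if (EDI_PARTY_ALT_NAME.equals(num) || X400ADDRESS_ALT_NAME.equals(num) || OTHER_ALT_NAME.equals(num)) {
            // Structured types have no natural string form; expose their DER encoding.
            return ((DERObject) obj).getDEREncoded();
        }
        logger.warn("Encountered unknown alt name type '{}', adding as-is", num);
        return obj;
    }

    /**
     * Returns the logger for this class.
     *
     * @return the class logger
     */
    private static Logger getLogger() {
        return LoggerFactory.getLogger(X509Util.class);
    }
}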
